Clémentine Maurice (Crystal, CNRS) présente ses travaux en séminaire le jeudi 05 juin à 14h en 301
Over the past decade, many different automated approaches have been developed to detect side-channel vulnerabilities in cryptographic libraries. However, despite this abundance of tools, side-channel vulnerabilities are still regularly (and manually) found in cryptographic libraries. In this talk, we will investigate this paradox. We begin with a short example of an attack on a real cryptographic library using a cache side-channel attack called Flush+Reload. We continue with a survey and classification of recently published side-channel vulnerabilities and side-channel detection tools. We propose a unified benchmark, and our evaluation suggests several reasons why existing tools may struggle to find vulnerabilities. We conclude by analyzing the impact of recent attacks on such automated detection tools.